Hacker News: dralley

New comment by dralley in "Supply chain nightmare: How Rust will be attacked and what we can do to mitigate"

dralley — Fri, 10 Apr 2026 15:54:28 +0000

That's certainly true - and would also be true (maybe even moreso) if vendoring dependencies was widespread. Seems just as easy to hide things in a "vendored" directory that's 20x the size of the library.

New comment by dralley in "Supply chain nightmare: How Rust will be attacked and what we can do to mitigate"

dralley — Fri, 10 Apr 2026 15:47:40 +0000

I think it just depends on whether or not you interpret the phrase "no one knows" neutrally or pessimistically.

Saying that there could be something there, but "no one knows" doesn't mean that there is something there. But it's still true.

New comment by dralley in "US and Iran agree to provisional ceasefire"

dralley — Wed, 08 Apr 2026 01:07:25 +0000

Do you think only the Israelis are pissed about the Iranians funding the Houthis and Hezbollah?

The Saudis were at war with the Houthis for several years, Hezbollah assassinate Lebanese politicians and repeatedly starts wars that nobody else in Lebanon wants, which also includes intervening in the Syrian civil war on behalf of Assad and starving out Syrian villages. Ask the Syrians how they feel about Hezbollah.

New comment by dralley in "Project Glasswing: Securing critical software for the AI era"

dralley — Wed, 08 Apr 2026 00:43:49 +0000

>No state-sponsored hacking affected Americans materially.

Uh, what?

NotPetya was kind of a big deal.

New comment by dralley in "Project Glasswing: Securing critical software for the AI era"

dralley — Tue, 07 Apr 2026 20:12:38 +0000

That is unequivocally true with some things. You don't want people exercising their "self-determination" to own private nukes.

New comment by dralley in "Cloudflare targets 2029 for full post-quantum security"

dralley — Tue, 07 Apr 2026 19:46:19 +0000

There's a simultaneous push coming from the government to support PQC, ASAP, so it's not just researchers pushing this.

New comment by dralley in "Decisions that eroded trust in Azure – by a former Azure Core engineer"

dralley — Sun, 05 Apr 2026 14:58:55 +0000

The alternative is sometimes that people just copy and paste code from libraries that never gets updated.

New comment by dralley in "Decisions that eroded trust in Azure – by a former Azure Core engineer"

dralley — Fri, 03 Apr 2026 01:32:38 +0000

Rust is nowhere close to Node in terms of package number bloat. Most Rust libraries are actually useful and nontrivial and the supply chain risk is not necessarily as high for the simple reason that many crates are split up into sub-crates.

For example, instead of having one library like "hashlib" that handles all different kinds of hashing algorithms, the most "official" Rust libraries are broken up into one for sha1, one for sha2, one for sha3, one for md5, one for the generic interfaces shared by all of them, etc... but all maintained by the same organization: https://github.com/rustcrypto/

Most crypto libraries do the same. Ripgrep split off aho-corastick and memchr, the regex crate has a separate pcre library, etc.

Maybe that bumps the numbers up if you need more than one algorithm, but predominantly it is still anti-bloat and has a purpose...

New comment by dralley in "Claude Code's source code has been leaked via a map file in their NPM registry"

dralley — Tue, 31 Mar 2026 17:20:57 +0000

You're not beating the "written by an LLM" allegations.

New comment by dralley in "15 Years of Forking"

dralley — Mon, 30 Mar 2026 14:09:26 +0000

>I think that's an unfair framing. No one is paying Waterfox to allow ads

...

>Yes, that's correct. Startpage is the default search partner, and their search ads aren't blocked by default.

The framing seems fair to me. Certainly not more unfair than those who criticize Firefox for having a search deal that defaults to Google while allowing the user to change it (which some people do)

New comment by dralley in "Miscellanea: The War in Iran"

dralley — Wed, 25 Mar 2026 23:03:48 +0000

Hezbollah has assassinated multiple government leaders and politicians and administrators within Lebanon, including a bombing that killed 23 people including the Prime Minister, and shootings that killed investigators responsible for investigating the Beirut port explosion a few years ago. Suspiciously this was shortly after Hezbollah was found by those investigations to have many links to the circumstances in which so much ammonium nitrate was being stored improperly in the first place.

Hezbollah also assisted the Assad regime in Syria during the Syrian Civil war - participating in laying siege to entire villages for long enough that people starved to death.

https://www.amnesty.org/en/latest/press-release/2017/11/syri...

You are willfully ignorant. There is tremendous anger at Hezbollah even within Lebanon, especially since they restarted the war on Iran's behalf in recent weeks, giving Israel the causus belli to resume their bombing campaign against them.

New comment by dralley in "Wayland set the Linux Desktop back by 10 years?"

dralley — Fri, 20 Mar 2026 03:14:32 +0000

Same thing with Pulse Audio

People cursed the name for years, because it exposed all of the terrible, glitchy audio hardware drivers and refused on general principle to work around the issues to the degree that previous audio solutions had. And the result was that while the experience was inconsistent and buggy for years, it did eventually drag the Linux audio stack into a better place.

New comment by dralley in "Despite Doubts, Federal Cyber Experts Approved Microsoft Cloud Service"

dralley — Wed, 18 Mar 2026 19:15:56 +0000

It's a shame. In the late 2010s there was a lot of hope for Satya Nadella, but it seems like the organization has regressed back to the mean.

New comment by dralley in "North Korean's 100k fake IT workers net $500M a year for Kim"

dralley — Wed, 18 Mar 2026 16:53:51 +0000

Well, it sounds like they are effectively slaves to the government, who is raking in their income on their behalf, and would presumably be able to "activate" them as an insider threat at some point.

How Russia's new elite hit squad was compromised by Google Translate

dralley — Fri, 13 Mar 2026 17:09:37 +0000

Article URL: https://theins.press/en/inv/290235

Comments URL: https://news.ycombinator.com/item?id=47367015

Points: 34

# Comments: 6

New comment by dralley in "White House plan to break up iconic U.S. climate lab moves forward"

dralley — Fri, 13 Mar 2026 01:02:43 +0000

All of the progressives combined were putting up lower numbers than Biden alone in several states, and Biden and moderates combined in nearly every state. It wasn't "rigged" and progressives convincing themselves that it was is MAGA-style revisionism.

I also have to admire the irony of Bernie supporters acting entitled to a coronation / noncompetitive primary after the kinds of things they said in 2016.

New comment by dralley in "Britain is ejecting hereditary nobles from Parliament after 700 years"

dralley — Wed, 11 Mar 2026 23:30:24 +0000

On the other hand, voting needs to mean something. If voting doesn't mean anything, because the whole system is held in a vice grip by a sclerotic institution playing power games with itself, then the broader system eventually collapses.

My personal opinion is that Mitch McConnell's intransigence and unwillingness to do anything lest Obama get credit for it led directly to an increased desire for a "strongman"

New comment by dralley in "Pentagon formally labels Anthropic supply-chain risk"

dralley — Thu, 05 Mar 2026 20:15:15 +0000

Anthropic and the Government both signed a contract. Anthropic is still abiding the terms of that contract. The Government is demanding that they be able to disobey the contract.

New comment by dralley in "“Microslop” filtered in the official Microsoft Copilot Discord server"

dralley — Mon, 02 Mar 2026 20:11:45 +0000

> That said, this business model has historically proven effective for companies such as IBM.

In some ways. Less so in others.

For products that get commoditized for home use, the "business focused" high-margin solutions generally lose out to the commoditized solutions focused on end consumers in the long term.

New comment by dralley in "Just two days of oatmeal cut bad cholesterol by 10%"

dralley — Mon, 02 Mar 2026 04:07:56 +0000

It's a borderline kinda thing. He said if it was consistently in the 160s he would probably recommend them. My previous doctor was basically in the same camp but had me taking blood tests every 3 months for a year to see if it was stuck there.